submit these references in compliance with their duty of disclosure pursuant to 37 CFR §§ 1.56 
and 1.97. The Examiner is requested to make these references of official record in this 
application. 
Please find below and/or attached an Office communication concerning this application or proceeding. 

Application No.: 10/029,686 
Applicant(s): JOINER, HERBERT V. 
Examiner: Linh LD Son 
Art Unit: 2135 

Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTHS FROM 
THE MAILING DATE OF THIS COMMUNICATION. 


Status 

1) [X] Responsive to communication(s) filed on 21 December 2001. 
2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-24 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) _ is/are allowed. 

6) [X] Claim(s) 1-24 is/are rejected. 

7) [ ] Claim(s) is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 




Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a) [ ] All b) [ ] Some * c) [ ] None of: 

1. [ ] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 

4) [ ] Interview Summary (PTO-413) 

Paper No(s)/Mail Date. 

5) [ ] Notice of Informal Patent Application (PTO-152) 

6) [ ] Other: 



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 

DETAILED ACTION 

Information Disclosure Statement 

For IDS (paper #2), the IDS fails to comply with 37 CFR 1.98(a)(11), which requires a 
list of all patents, publications, or other info submitted for consideration by the Office. It 
has been placed in the application file, but the info therein has not been considered. 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



2. Claims 1, 3-6, 8-11, 13-16, and 18-22 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Drake et al, hereinafter "Drake", (US/6347374A1). 



3. As per claims 1, 3, 6, 8, 11, 13, 16, 18, and 21, Drake discloses the "Event 
Detection" invention, which includes a method for analyzing a network, scanning 
the network, and detecting intrusions in the network. The system comprises: 
Collector (agent), Parsers, Generic File Transfer Utility (GFTU), Inserter, 
Database, Expert System Engines (ESG) (Host Controller), and 
Manager/configuration GUI (Zone Controller) (See Fig 1). The collector is an 
agent running on computers on the network and there are different collectors 
associated to the applications monitoring (Col 9 lines 53-59). GFTU, located on 
the client computer, sends data files, such as log files or other files depending on 
the application, to the Parser (Col 9 line 65 to Col 10 line 4). The Parser is 
located on the remote network collecting the data files, parses, and then passes 
the data files in Virtual Record format readable by the ESG to the Inserter (Col 7 
lines 38-54, and Col 10 lines 21-32). The Inserter stores the records in the 
database. The ESG has many functions or controllers, such as deriving 
database information to detect events, Hard-Coded processor, Execution array-based 
processors, and Rule-based interpreters (Col 11 lines 7-17, line 52 to Col 
13 line 67). ESG utilizes the controllers above to analyze and detect intrusion 
(Col 7 line 51, and Col 11 line 53 to Col 12 line 67), and creates events model and 
report for the network (Col 15 lines 59-62). The Manager/configuration GUI 
takes all the output data from ESG and generates reports or statistical data 
accordingly (Col 17 lines 1-24). The Manager/Configuration GUI also has admin 
capability to configure rule-based triggers to the event. However, Drake does not 
teach the Zone Controller specifically. Nevertheless, Drake teaches the ESG, 
which has the HC and ZC functionalities as claimed and part is in the 
Manager/Configuration GUI (See above citing). Therefore, it is obvious at the 
time of the invention for one of ordinary skill in the art to separate both 
components to minimize the processing time and load. 

4. As per claims 4, 9, 14, and 19, Drake discloses the system as recited in claim 1, 
wherein the host controllers and the zone controllers operate based on business 
rules (Col 17 lines 15-24). 

5. As per claims 5, 10, 15, and 20, Drake discloses the system as recited in 
claim 1, wherein the business rules are user-configurable (Col 17 lines 15-24). 

6. As per claim 22, claim 1 rejection basis is applied. Further, Drake discloses a 
method to configure and identify the business rules applicable to the network 
users and services (Col 5 lines 36-60 and Col 17 lines 1-24). 

7. Claims 2, 7, 12, 17, 23, and 24 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Drake et al, hereinafter "Drake", (US/6347374A1) in view of 
Eschelbeck (US/6553378B1). 

8. As per claims 2, 7, 12, and 17, Drake discloses the system as recited in claim 1. 
However, Drake does not teach the host controllers are further capable of cyber 
cop services. Nevertheless, Eschelbeck discloses the "System and process for 
reporting network events with a plurality of hierarchically-structured databases in 
a distributed computing environment" invention, which teaches a method of 
analyzing, detecting, and responding to a network node anomaly, such as 
intrusion, virus attack, and network attack (See Fig. 2). The system includes 
agents, event detectors and analyzer, and root snap-in agent. The event 
responding includes forwarding a snap-in component to control the anomaly (Col 
7 lines 52-63 and Col 10 line 34 to Col 12 line 8). One of the snap-in 
components is the cyber cop service (Eschelbeck, Col 5 line 34). Therefore, it is 
obvious at the time the invention was made for one of ordinary skill in the art to 
incorporate the teaching to resolve the problem in the network. 



As per claims 23 and 24, Claim 1 rejection is incorporated. However, Drake 
does not teach the anti-virus services. Nevertheless, Eschelbeck teaches the 
implementation of the anti-virus services (Col 7 lines 1-13). Therefore, it is 
obvious at the time of the invention for one of ordinary skill in the art to 
incorporate the service to check the data integrity in the network. 

Conclusion 

Any inquiry concerning this communication from the examiner should be directed 
to Linh Son whose telephone number is (703)-305-8914 or Fax to 703-746-9821. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor Kim Y. Vu can be reached at (703)-305-4393. The fax numbers for 
this group are (703)-872-9306 (official fax). Any inquiry of general nature or 
relating to the status of this application or proceeding should be directed to the 
group receptionist whose telephone number is (703)-305-9600. 



Linh LD Son 
Patent Examiner 